commit ac95824beca21a6f8c7b51b6f7afebf01fbb1b4c
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Thu Feb 2 09:50:20 2023 +0100
Fix bio_apr_socket_ctrl in tests and fix test_ssl_handshake
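--- a/test/server/test_sslserver.c
+++ b/test/server/test_sslserver.c
@@ -96,7 +96,7 @@ static int bio_apr_socket_destroy(BIO *bio)
 
 static long bio_apr_socket_ctrl(BIO *bio, int cmd, long num, void *ptr)
 {
- long ret = 1;
+ long ret = 0;
 
 switch (cmd) {
 default:
@@ -104,6 +104,7 @@ static long bio_apr_socket_ctrl(BIO *bio, int cmd, long num, void *ptr)
 break;
 case BIO_CTRL_FLUSH:
 /* At this point we can't force a flush. */
+ ret = 1;
 break;
 case BIO_CTRL_PUSH:
 case BIO_CTRL_POP: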
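Review bot: The new `long ret = 0;` default carries no comment saying why unhandled commands must report 0, and the existing "At this point we can't force a flush." comment now sits directly above `ret = 1;`, which reads as a contradiction. OpenSSL treats a nonzero ctrl result as success or as a positive answer to a query, so a callback that answers 1 for commands it does not implement can make the library assume capabilities this BIO does not have. I would add `/* Report 0 (unsupported) unless a command is handled explicitly. */` at the declaration and extend the flush comment to `/* We can't force a flush here; report success anyway. */`. The rest of the switch lies outside the hunk, so confirm that the `BIO_CTRL_PUSH`/`BIO_CTRL_POP` branch still sets the value it intends.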
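--- a/test/test_context.c
+++ b/test/test_context.c
@@ -1164,6 +1164,37 @@ ssl_server_cert_cb_reject(void *baton, int failures,
 return SERF_ERROR_ISSUE_IN_TESTSUITE;
 }
 
+/* Set up the ssl context with the CA and root CA certificates needed for
+ successful valiation of the server certificate. */
+static apr_status_t
+https_set_root_ca_conn_setup(apr_socket_t *skt,
+ serf_bucket_t **input_bkt,
+ serf_bucket_t **output_bkt,
+ void *setup_baton,
+ apr_pool_t *pool)
+{
+ serf_ssl_certificate_t *rootcacert;
+ test_baton_t *tb = setup_baton;
+ apr_status_t status;
+
+ status = default_https_conn_setup(skt, input_bkt, output_bkt,
+ setup_baton, pool);
+ if (status)
+ return status;
+
+ status = serf_ssl_load_cert_file(&rootcacert,
+ get_srcdir_file(pool,
+ "test/server/serfrootcacert.pem"),
+ pool);
+ if (status)
+ return status;
+ status = serf_ssl_trust_cert(tb->ssl_context, rootcacert);
+ if (status)
+ return status;
+
+ return status;
+}
+
 /* Validate that we can connect successfully to an https server. This
 certificate is not trusted, so a cert validation failure is expected. */
 static void test_ssl_handshake(CuTest *tc)
@@ -1171,7 +1202,6 @@ static void test_ssl_handshake(CuTest *tc)
 test_baton_t *tb;
 handler_baton_t handler_ctx[1];
 const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]);
- int expected_failures;
 apr_status_t status;
 test_server_message_t message_list[] = {
 {CHUNKED_REQUEST(1, "1")},
@@ -1180,9 +1210,6 @@ static void test_ssl_handshake(CuTest *tc)
 test_server_action_t action_list[] = {
 {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE},
 };
- static const char *server_cert[] = { "test/server/serfservercert.pem",
- NULL };
-
 
 /* Set up a test context with a server */
 apr_pool_t *test_pool = tc->testBaton;
@@ -1190,57 +1217,20 @@ static void test_ssl_handshake(CuTest *tc)
 status = test_https_server_setup(&tb,
 message_list, num_requests,
 action_list, num_requests, 0,
- NULL, /* default conn setup */
+ https_set_root_ca_conn_setup,
 get_srcdir_file(test_pool, "test/server/serfserverkey.pem"),
- server_certs_srcdir(server_cert, test_pool),
+ server_certs_srcdir(server_certs, test_pool),
 NULL, /* no client cert */
- ssl_server_cert_cb_expect_failures,
+ ssl_server_cert_cb_expect_allok,
 test_pool);
 CuAssertIntEquals(tc, APR_SUCCESS, status);
 
- /* This unknown failures is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
- meaning the chain has only the server cert. A good candidate for its
- own failure code. */
- expected_failures = SERF_SSL_CERT_UNKNOWNCA;
- tb->user_baton = &expected_failures;
-
 create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
 
 test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx,
 test_pool);
 }
 
-/* Set up the ssl context with the CA and root CA certificates needed for
- successful valiation of the server certificate. */
-static apr_status_t
-https_set_root_ca_conn_setup(apr_socket_t *skt,
- serf_bucket_t **input_bkt,
- serf_bucket_t **output_bkt,
- void *setup_baton,
- apr_pool_t *pool)
-{
- serf_ssl_certificate_t *rootcacert;
- test_baton_t *tb = setup_baton;
- apr_status_t status;
-
- status = default_https_conn_setup(skt, input_bkt, output_bkt,
- setup_baton, pool);
- if (status)
- return status;
-
- status = serf_ssl_load_cert_file(&rootcacert,
- get_srcdir_file(pool,
- "test/server/serfrootcacert.pem"),
- pool);
- if (status)
- return status;
- status = serf_ssl_trust_cert(tb->ssl_context, rootcacert);
- if (status)
- return status;
-
- return status;
-}
-
 /* Validate that server certificate validation is ok when we
 explicitly trust our self-signed root ca. */
 static void test_ssl_trust_rootca(CuTest *tc)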
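Review bot: With the `SERF_SSL_CERT_UNKNOWNCA` expectation removed, `test_ssl_handshake` no longer checks that a chain without a trusted root is reported as a validation failure. It now installs `https_set_root_ca_conn_setup` and `ssl_server_cert_cb_expect_allok`, which appears to duplicate `test_ssl_trust_rootca` just below it. Unless another test outside these hunks still covers the untrusted-CA path, keep a negative case, so that a regression which silently accepts an unknown CA is caught by the suite. The comment left above the function still says "This certificate is not trusted, so a cert validation failure is expected" and should become something like `/* Validate that we can connect to an https server whose chain ends in the trusted test root CA. */`. `server_certs` is not defined in the visible hunks and is presumably a file-scope array; worth confirming it contains the full chain that the root CA signs.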